Diffstat (limited to 'init')
-rwxr-xr-xinit17
1 files changed, 17 insertions, 0 deletions
diff --git a/init b/init
index 8714955..e189bbc 100755
--- a/init
+++ b/init
@@ -357,6 +357,13 @@ if [ -z "$machines" ]; then
error
fi
+# Create /build/tftp. We make it a size-limited tmpfs since potentially-
+# compromized VMs will be able to upload to.
+#
+mkdir -p /build/tftp
+o="nodev,noexec,nosuid,size=200M,mode=0755,uid=$(id -u build),gid=$(id -g build)"
+echo "tmpfs /build/tftp tmpfs $o 0 0" >>$fstab
+
# Configure Postfix.
#
cat <<<"$hname" >/etc/mailname
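Review bot: The option string in `o=` caps the tmpfs by bytes (`size=200M`) but not by file count, so a writer into /build/tftp can still exhaust inodes, and the kernel memory behind them, with many tiny files. Adding an inode cap to the same string, e.g. `...,size=200M,nr_inodes=<limit>,mode=0755,...`, would bound that as well. The `$(id -u build)` and `$(id -g build)` substitutions are unchecked as far as this hunk shows: if the `build` user is missing, the entry could be written as `uid=,gid=` and fail only at mount time, so resolving the ids into variables and aborting on failure first would be safer. `>>$fstab` should also be quoted as `>>"$fstab"`; where `fstab` is assigned is outside this hunk.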
@@ -410,6 +417,16 @@ if [ -n "$ssh_key" ]; then
chmod 600 /root/.ssh/authorized_keys
fi
+# Configure the TFTP server (tftpd-hpa).
+#
+# We could have ran it as user 'build' but since it is read-only, the default
+# user 'tftp' works just as well. Note that by default it is running chroot'ed
+# (--secure) so no symlinks pointing outside /build/tftp will work.
+#
+sed -r -i \
+ -e "s%^(TFTP_DIRECTORY).*%\1=\"/build/tftp\"%" \
+ /etc/default/tftpd-hpa
+
# Hand off to systemd. But first arrange to keep console output (which
# becomes tty1).
#
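Review bot: The read-only and chroot properties that the comment relies on come from the packaged defaults in /etc/default/tftpd-hpa, because the `sed` rewrites only `TFTP_DIRECTORY`. Since /build/tftp is described earlier in this commit as reachable by potentially compromised VMs, it would be safer to pin the options explicitly with a second expression such as `-e "s%^(TFTP_OPTIONS).*%\1=\"--secure\"%"`, so that a changed default (or a stray `--create`) cannot silently make the directory writable over TFTP or drop the chroot. The substitution is also a silent no-op when no line begins with `TFTP_DIRECTORY`; a follow-up check like `grep -q '^TFTP_DIRECTORY="/build/tftp"' /etc/default/tftpd-hpa` that aborts on failure would catch this. `TFTP_ADDRESS` is left at its default as well, so the listening interface is whatever the package chooses; that is worth a sentence in the comment if it is intentional.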